Private networks are at risk to directed attacks that attempt to overwhelm services, discover passwords and other valuable information, and otherwise misuse private network resources. The difficulty in detecting and mitigating these attacks is especially challenging when one considers the ever increasing use of the remote work place, and other cross-business “trusted” network connections that make it difficult to maintain a defined and pervasive “firewall” at network boundaries.
Various techniques have evolved in part to cope with these challenges. An enterprise having a private network can select from an ever increasing number of disparate products offered by different software vendors. While generally useful for their intended purposes, these systems require specialized training by dedicated personal for proper interpretation, deployment and maintenance; these systems are usually also incrementally added based on dynamic need, creating a hodge-podge of different systems, rather than leading to an efficient architecture that takes a client's current (and possibly dynamic) needs into account. Furthermore, one vendor's systems are typically incompatible with those of another vendor, leading to suboptimal solutions where a client must typically select a single vendor by balancing both advantages and disadvantages of the products of one vendor against another. Managed services have also arisen where the enterprise can contract a third party company to provide network management services, where the third party company remotely interfaces with the enterprise's security equipment or has personnel stationed on the enterprise's site to manage that security equipment; while generally beneficial to companies wishing to outsource IT security management, these solutions do little in and of themselves to address the vendor integration and custom architecture problems described above. In addition, there exists little in the way of mechanisms for one network security provider to share resources with another. That is, there are few mechanisms that enable network security providers to share experience or data regarding risks (including sources of questionable or offensive data, viruses, programs and sources of directed attacks); it is noted that many enterprises or other providers are reluctant to share such experience or data, because the act of sharing may expose vulnerabilities, opportunities or other consequences for that provider's network(s).
The invention defined by the enumerated claims may be better understood by referring to the following detailed description, which should be read in conjunction with the accompanying drawings. This description of one or more particular embodiments, set out below to enable one to build and use various implementations of the invention or inventions set forth by the claims, is not intended to limit the enumerated claims, but to exemplify their application.